Low-Level Attacks in Bitcoin Wallets

  • Andriana GkaniatsouEmail author
  • Myrto Arapinis
  • Aggelos Kiayias
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10599)


As with every financially oriented protocol, there has been a great interest in studying, verifying, attacking, identifying problems, and proposing solutions for Bitcoin. Within that scope, it is highly recommended that the keys of user accounts are stored offline. To that end, companies provide solutions that range from paper wallets to tamper-resistant smart-cards, offering different level of security. While incorporating expensive hardware for the wallet purposes is though to bring guarantees, it is often that the low-level implementations introduce exploitable back-doors. This paper aims to bring to attention how the overlooked low-level protocols that implement the hardware wallets can be exploited to mount Bitcoin attacks. To demonstrate that, we analyse the general protocol behind Ledger Wallets, the only EAL5+ certified against side channel analysis attacks hardware. In this work we conduct a throughout analysis on the Ledger Wallet communication protocol and show how to successfully attack it in practice. We address the lack of well-defined security properties that Bitcoin wallets should conform by articulating a minimal threat model against which any hardware wallet should defend. We further use that threat model to propose a lightweight fix that can be adopted by different technologies.


  1. 1.
    Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39884-1_4 CrossRefGoogle Scholar
  2. 2.
    Bamert, T., Decker, C., Wattenhofer, R., Welten, S.: BlueWallet: the secure bitcoin wallet. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 65–80. Springer, Cham (2014). doi: 10.1007/978-3-319-11851-2_5 Google Scholar
  3. 3.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32946-3_29 CrossRefGoogle Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). doi: 10.1007/BFb0052259 CrossRefGoogle Scholar
  5. 5.
    Bitcoin ewallet vanishes from internet.
  6. 6.
  7. 7.
  8. 8.
    Bozzato, C., Focardi, R., Palmarini, F., Steel, G.: APDU-level attacks in PKCS#11 devices. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 97–117. Springer, Cham (2016). doi: 10.1007/978-3-319-45719-2_5 CrossRefGoogle Scholar
  9. 9.
    Datko, J., Quartier, C., Belyayev, K.: Breaking bitcoin hardware wallets. In: DEFCON (2017)Google Scholar
  10. 10.
    De Koning Gans, G., De Ruiter, J.: The smartlogic tool: analysing and testing smart card protocols. In: 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST), pp. 864–871 (2012)Google Scholar
  11. 11.
    Decker, C., Wattenhofer, R.: Bitcoin transaction malleability and MtGox. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 313–326. Springer, Cham (2014). doi: 10.1007/978-3-319-11212-1_18 Google Scholar
  12. 12.
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_25 CrossRefGoogle Scholar
  13. 13.
    Gkaniatsou, A., McNeill, F., Bundy, A., Steel, G., Focardi, R., Bozzato, C.: Getting to know your card: reverse-engineering the smart-card application protocol data unit. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 441–450 (2015)Google Scholar
  14. 14.
    Hao, F., Ryan, P.: J-PAKE: authenticated key exchange without PKI. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science XI. LNCS, vol. 6480, pp. 192–206. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-17697-5_10 CrossRefGoogle Scholar
  15. 15.
    Herrera-Joancomartí, J.: Research and challenges on bitcoin anonymity. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA/SETOP -2014. LNCS, vol. 8872, pp. 3–16. Springer, Cham (2015). doi: 10.1007/978-3-319-17016-9_1 Google Scholar
  16. 16.
  17. 17.
    Hsiao, H.-C., Lin, Y.-H., Studer, A., Studer, C., Wang, K.-H., Kikuchi, H., Perrig, A., Sun, H.-M., Yang, B.-Y.: A study of user-friendly hash comparison schemes. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 105–114. IEEE (2009)Google Scholar
  18. 18.
    Huang, D.Y., Dharmdasani, H., Meiklejohn, S., Dave, V., Grier, C., McCoy, D., Savage, S., Weaver, N., Snoeren, A.C., Levchenko, K.: Botcoin: monetizing stolen cycles. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014Google Scholar
  19. 19.
    Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 906–917 (2012)Google Scholar
  20. 20.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25 Google Scholar
  21. 21.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). doi: 10.1007/3-540-68697-5_9 Google Scholar
  22. 22.
    Lim, I.-K., Kim, Y.-H., Lee, J.-G., Lee, J.-P., Nam-Gung, H., Lee, J.-K.: The analysis and countermeasures on security breach of bitcoin. In: Murgante, B., Misra, S., Rocha, A.M.A.C., Torre, C., Rocha, J.G., Falcão, M.I., Taniar, D., Apduhan, B.O., Gervasi, O. (eds.) ICCSA 2014. LNCS, vol. 8582, pp. 720–732. Springer, Cham (2014). doi: 10.1007/978-3-319-09147-1_52 Google Scholar
  23. 23.
    Murdoch, S.J., Drimer, S., Anderson, R.J., Bond, M.: Chip and PIN is broken. In: 31st IEEE Symposium on Security and Privacy, S&P 2010, Berleley/Oakland, California, USA, 16–19 May 2010, pp. 433–446 (2010)Google Scholar
  24. 24.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system.
  25. 25.
    Poulsen, K.: New malware steals your bitcoin (2011).
  26. 26.
    Rosenfeld, M.: Analysis of hashrate-based double spending. CoRR, abs/1402.2009 (2014)Google Scholar
  27. 27.
  28. 28.
    The Bitcoin Wiki (2014).
  29. 29.
    Turuani, M., Voegtlin, T., Rusinowitch, M.: Automated verification of electrum wallet. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 27–42. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53357-4_3 CrossRefGoogle Scholar
  30. 30.
    Uzun, E., Karvonen, K., Asokan, N.: Usability analysis of secure pairing methods. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 307–324. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-77366-5_29 CrossRefGoogle Scholar
  31. 31.
    Wuille, P.: Dealing with maellability. Online specification for BIP62 (2014)Google Scholar
  32. 32.
    Wuille, P.: Hierarchical deterministic wallets. Online specification for BIP32 (2017)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Andriana Gkaniatsou
    • 1
    Email author
  • Myrto Arapinis
    • 1
  • Aggelos Kiayias
    • 1
  1. 1.School of InformaticsUniversity of EdinburghEdinburghUK

Personalised recommendations